Tor 0.2.3.22-rc fixes another opportunity for a remotely triggerable
assertion.
We'll be putting out 0.2.2.39 packages shortly that fix the issue too.
https://www.torproject.org/download/downloadhttps://www.torproject.org/dist/
(Packages coming eventually.)
Changes in version 0.2.3.22-rc - 2012-09-11
o Security fixes:
- Fix an assertion failure in tor_timegm() that could be triggered
by a badly formatted directory object. Bug found by fuzzing with
Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
o Minor bugfixes:
- Avoid segfault when starting up having run with an extremely old
version of Tor and parsing its state file. Fixes bug 6801; bugfix
on 0.2.2.23-alpha.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20120912/fe2a791e/attachment.pgp>